
CN117272325A - DOS-based equipment operation protection method, system, equipment and storage medium - Google Patents


Info

Publication number
CN117272325A
Authority
CN
China
Prior art keywords
login
user
password
path
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202311319748.3A
Other languages
Chinese (zh)
Other versions
CN117272325B (en)
Inventor
熊民瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huasheng Xinghui Beijing Technology Co ltd
Original Assignee
Huasheng Xinghui Beijing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huasheng Xinghui Beijing Technology Co ltd filed Critical Huasheng Xinghui Beijing Technology Co ltd
Priority to CN202311319748.3A priority Critical patent/CN117272325B/en
Publication of CN117272325A publication Critical patent/CN117272325A/en
Application granted granted Critical
Publication of CN117272325B publication Critical patent/CN117272325B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a DOS-based equipment operation protection method, system, equipment and storage medium, and belongs to the field of digital information transmission.

Description

DOS-based equipment operation protection method, system, equipment and storage medium
Technical Field
The invention belongs to the field of digital information transmission, and particularly relates to a DOS-based equipment operation protection method, system, equipment and storage medium.
Background
Currently, DOS (Disk Operating System) is an operating system commonly used on early personal computers (PCs), and it has security loopholes and challenges. To protect DOS-based devices from potential threats and attacks, different login passwords and access rights are generally allocated to different personnel when protecting the operation of important devices running DOS. When a hacker attacks, the login passwords of these personnel are often obtained by other means (such as access links or Trojan viruses), and once a login password has been obtained, the hacker can steal the device's data without being noticed, so security is poor. These problems exist in the prior art.
For example, Chinese patent application publication No. CN111133434A claims an apparatus for running a password-protected virtual machine, in particular one suitable for a blockchain running environment. The apparatus provides at least one first link of a blockchain, the at least one first link comprising at least one transaction data record that describes at least one first operational state of the virtual machine and has at least one command for forming a second link in the blockchain, wherein the at least one transaction data record of the second link describes a second operational state of the virtual machine that is changed relative to the first operational state. The apparatus provides a checking function that checks whether a transaction to be implemented, defined by the at least one transaction data record, is allowed in terms of whether the second operational state of the virtual machine is allowed, and the apparatus implements the transaction according to the result of that check.
Meanwhile, for example, the Chinese patent with granted publication number CN104657031B discloses a touch operation method, which includes: receiving an input password at a password unlocking interface; when the input password contains the unlocking password, unlocking the screen; and executing the function corresponding to the information in the input password other than the unlocking password. An embodiment of that invention also provides a touch operation device. According to that technical scheme, after the terminal equipment has locked its screen, the unlocking input also carries information telling the terminal equipment what to run immediately after unlocking, so that the user can conveniently and efficiently execute the function to be triggered, and triggering the function is simple, quick and efficient. Because the information indicating what to run immediately and the unlocking password are entered together when the terminal equipment is unlocked, which is equivalent to encrypting the unlocking password, the reliability and safety of the user equipment are improved and the user's information security is effectively protected.
The problems raised in the background art remain in the above patents: when protecting the operation of important devices running DOS, different login passwords and access rights are generally allocated to different personnel; when a hacker attacks, the login passwords of these personnel are often obtained by other means (such as access links or Trojan viruses), and once a login password has been obtained, the hacker can steal the device's data without being noticed, so security is poor. To solve these problems, the present application designs a DOS-based equipment operation protection method, system, equipment and storage medium.
Disclosure of Invention
In view of the defects of the prior art, the invention provides a DOS-based equipment operation protection method, system, equipment and storage medium.
In order to achieve the above purpose, the present invention provides the following technical solutions:
The DOS-based equipment operation protection method comprises the following specific steps:
S1, respectively collecting and exporting the user password verification information, user access rights and user browsing path information stored on the device hard disk, wherein the user password verification information specifically comprises: user password verification error count data, user password verification time data and user single-verification password input character error count data;
S2, substituting the password verification information into the password verification value calculation strategy to calculate a password verification value;
S3, after password verification has passed, judging whether the password verification value is greater than or equal to the password verification threshold; if so, executing S4; if not, the user login is not set as a login to be detected, and the user freely accesses the content within the access rights;
S4, setting the user login as a login to be detected, and monitoring the browsing path information of that login;
S5, extracting the real-time browsing path information of the login to be detected and the historical browsing path information of the user corresponding to that login, and importing them into the path verification value calculation strategy to calculate a path verification value;
S6, substituting the path verification value and the password verification value into the login difference value calculation strategy to calculate a login difference value;
S7, judging whether the login difference value is greater than or equal to the set login difference alarm value; if so, raising an abnormal login alarm; if not, raising no abnormal login alarm.
Specifically, S1 comprises the following steps:
S11, retrieving the user password verification error count data $(x_1, x_2, \ldots, x_n)$, the user password verification time data $(y_1, y_2, \ldots, y_n)$ and the user single-verification password input character error count data $(z_1, z_2, \ldots, z_n)$ recorded since the last password modification and stored on the device hard disk, wherein $x_i$ is the number of user password verification errors in the i-th login, $y_i$ is the user password verification time in the i-th login, $z_i$ is the number of character errors in the user's single-verification password input in the i-th login, i is any one of 1 to n, and n is the number of user logins since the last password modification; the user access rights and user browsing path information stored on the device hard disk are retrieved at the same time;
S12, calculating the average value of the user password verification error count, the average value of the user password verification time, and the average value of the user single-verification password input character error count.
Specifically, the password verification value calculation strategy of S2 comprises the following steps:
S21, extracting the average value of the user password verification error count, the average value of the user password verification time and the average value of the user single-verification password input character error count, and at the same time taking the error count, the password verification time and the single-verification password input character error count of the user's current password verification;
S22, importing the data extracted in S21 into the password verification value calculation formula to calculate the password verification value, wherein the password verification value calculation formula is as follows: wherein $x_t$ is the error count of the user's current password verification, $y_t$ is the password verification time of the user's current password verification, $z_t$ is the password input character error count of the user's current password verification, $a_1$ is the proportion coefficient of the password verification error count, $a_2$ is the proportion coefficient of the password verification time, and $a_3$ is the proportion coefficient of the password input character error count, wherein $a_1 + a_2 + a_3 = 1$ and $a_1 \ge a_2 \ge a_3$.
Specifically, setting the user login as a login to be detected and monitoring its browsing path information in S4 comprises the following steps:
S41, setting a user login whose password verification value is greater than or equal to the password verification threshold as a login to be detected, and extracting the browsing path information of the login to be detected, wherein the browsing path information comprises the path content corresponding to each browsing path and the number of times the browsing path is browsed, and the path content corresponding to a browsing path is the route by which one interface accesses one of its subordinate interfaces. For example: the control interface contains a temperature control system and a humidity control system, and the subordinate interfaces of the temperature control system include the temperature control modules of several air conditioners, so the route from the temperature control system to the temperature control module of one of the air conditioners is one browsing path;
S42, storing the counts of the user's historical browsing paths and the path content corresponding to those browsing paths, extracting the number of accesses outside the access rights in the user's history, and at the same time monitoring the number of accesses outside the access rights for the login to be detected;
S43, calculating the average value of the number of accesses outside the access rights in the user's history, wherein the calculation formula is as follows: where $s_i$ is the number of accesses outside the access rights in the user's i-th normal login.
Specifically, the path verification value calculation strategy in S5 comprises the following specific steps:
S51, extracting the path content $(p_1, p_2, \ldots, p_{n1})$ corresponding to the user's historical browsing paths, the browsing path information $(P_1, P_2, \ldots, P_{n2})$ of the login to be detected, the average value of the number of accesses outside the access rights in the user's history, and the number of accesses outside the access rights for the login to be detected, where $p_j$ is the j-th historical browsing path, j is any one of 1 to n1, n1 is the number of historical browsing paths, $P_m$ is the m-th browsing path of the login to be detected, m is any one of 1 to n2, and n2 is the number of browsing paths of the login to be detected;
S52, substituting the path content $(p_1, p_2, \ldots, p_{n1})$ corresponding to the user's historical browsing paths and the browsing path information $(P_1, P_2, \ldots, P_{n2})$ of the login to be detected into the first verification value calculation formula to calculate a first verification value, wherein the first verification value calculation formula is as follows: wherein $\cup$ is the union of the two sets, $\cap$ is the intersection of the two sets, and $Q()$ is the number of elements in the brackets;
S53, substituting the extracted average value of the number of accesses outside the access rights in the user's history and the number of accesses outside the access rights for the login to be detected into the second verification value calculation formula to calculate a second verification value, wherein the second verification value calculation formula is as follows: wherein $S_1$ is the number of accesses outside the access rights for the login to be detected, and $S$ is the average value of the number of accesses outside the access rights in the user's history;
S54, substituting the calculated first verification value and second verification value into the path verification value calculation formula to calculate the path verification value, wherein the path verification value calculation formula is as follows: wherein $\beta_1$ is the first path value proportion coefficient and $\beta_2$ is the second path value proportion coefficient, wherein $\beta_1 + \beta_2 = 1$.
Specifically, the login difference value calculation strategy in S6 is as follows:
The path verification value and the password verification value obtained by calculation are extracted and substituted into the login difference value calculation formula to calculate the login difference value, wherein the login difference value is the sum of the path verification value and the password verification value.
The DOS-based equipment operation protection system is implemented on the basis of the DOS-based equipment operation protection method described above, and specifically comprises: a control module, an information extraction module, a password verification value calculation module, a password verification value judgment module, a setting module, a path verification value calculation module, a login difference value calculation module, a login judgment module and an abnormal login alarm module. The control module controls the operation of the information extraction module, the password verification value calculation module, the password verification value judgment module, the setting module, the path verification value calculation module, the login difference value calculation module, the login judgment module and the abnormal login alarm module. The information extraction module respectively collects and exports the user password verification information, user access rights and user browsing path information stored on the device hard disk. The password verification value calculation module substitutes the password verification information into the password verification value calculation strategy to calculate the password verification value. The password verification value judgment module judges, after password verification has passed, whether the password verification value is greater than or equal to the password verification threshold. The setting module sets a user login whose password verification value is greater than or equal to the password verification threshold as a login to be detected.
Specifically, the path verification value calculation module extracts the real-time browsing path information of the login to be detected and the historical browsing path information of the user corresponding to that login, and imports them into the path verification value calculation strategy to calculate the path verification value. The login difference value calculation module substitutes the path verification value and the password verification value into the login difference value calculation strategy to calculate the login difference value. The login judgment module judges whether the login difference value is greater than or equal to the set login difference alarm value, and the abnormal login alarm module raises the abnormal login alarm.
Specifically, the path verification value calculation module comprises a first data extraction unit, a first verification value calculation unit, a second verification value calculation unit and a path verification value calculation formula unit. The first data extraction unit extracts the path content corresponding to the user's historical browsing paths, the browsing path information of the login to be detected, the average value of the number of accesses outside the access rights in the user's history, and the number of accesses outside the access rights for the login to be detected. The first verification value calculation unit substitutes the extracted path content corresponding to the user's historical browsing paths and the browsing path information of the login to be detected into the first verification value calculation formula to calculate the first verification value. The second verification value calculation unit substitutes the extracted average value of the number of accesses outside the access rights in the user's history and the number of accesses outside the access rights for the login to be detected into the second verification value calculation formula to calculate the second verification value. The path verification value calculation formula unit substitutes the calculated first verification value and second verification value into the path verification value calculation formula to calculate the path verification value.
Specifically, an electronic device includes: a processor and a memory, wherein the memory stores a computer program for the processor to call;
the processor executes the DOS-based device operation protection method by calling the computer program stored in the memory.
Specifically, a computer readable storage medium stores instructions that, when executed on a computer, cause the computer to perform a DOS-based device operation protection method as described above.
Compared with the prior art, the invention has the beneficial effects that:
The invention respectively collects and exports the user password verification information, user access rights and user browsing path information stored on the device hard disk; substitutes the password verification information into the password verification value calculation strategy to calculate a password verification value; after password verification has passed, judges whether the password verification value is greater than or equal to the password verification threshold and, if so, sets the user login as a login to be detected and monitors its browsing path information; extracts the real-time browsing path information of the login to be detected and the historical browsing path information of the user corresponding to that login and imports them into the path verification value calculation strategy to calculate a path verification value; and substitutes the path verification value and the password verification value into the login difference value calculation strategy to calculate a login difference value. This further improves the ability to isolate non-staff from device control, improves the efficiency of monitoring covert manipulation of device operation by hackers, and further improves the safety of device operation and the protection of important information.
Drawings
FIG. 1 is a schematic flow chart of a DOS-based equipment operation protection method of the present invention;
FIG. 2 is a schematic diagram showing a specific flow of step S5 of a DOS-based equipment operation protection method according to the present invention;
FIG. 3 is a schematic diagram of the overall architecture of a DOS-based equipment operation protection system of the present invention;
FIG. 4 is a schematic diagram of a path verification value calculation module architecture of a DOS-based equipment operation protection system according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments.
Example 1
Referring to fig. 1-2, an embodiment of the present invention is provided: the DOS-based equipment operation protection method comprises the following specific steps:
S1, respectively collecting and exporting the user password verification information, user access rights and user browsing path information stored on the device hard disk, wherein the user password verification information specifically comprises: user password verification error count data, user password verification time data and user single-verification password input character error count data;
The following is a simple C language example code, demonstrating how to collect the user password verification information, user access rights and user browsing path information stored on a device hard disk, and then export each of them to a file;
This example is only a simple demonstration; in practical applications, more complex and secure methods are required for storing and managing user information;
S1 comprises the following steps:
S11, retrieving the user password verification error count data $(x_1, x_2, \ldots, x_n)$, the user password verification time data $(y_1, y_2, \ldots, y_n)$ and the user single-verification password input character error count data $(z_1, z_2, \ldots, z_n)$ recorded since the last password modification and stored on the device hard disk, wherein $x_i$ is the number of user password verification errors in the i-th login, $y_i$ is the user password verification time in the i-th login, $z_i$ is the number of character errors in the user's single-verification password input in the i-th login, i is any one of 1 to n, and n is the number of user logins since the last password modification; the user access rights and user browsing path information stored on the device hard disk are retrieved at the same time;
S12, calculating the average value of the user password verification error count, the average value of the user password verification time, and the average value of the user single-verification password input character error count;
S2, substituting the password verification information into the password verification value calculation strategy to calculate a password verification value;
It should be noted that the password verification value calculation strategy of S2 comprises the following steps:
S21, extracting the average value of the user password verification error count, the average value of the user password verification time and the average value of the user single-verification password input character error count, and at the same time taking the error count, the password verification time and the single-verification password input character error count of the user's current password verification;
S22, importing the data extracted in S21 into the password verification value calculation formula to calculate the password verification value, wherein the password verification value calculation formula is as follows: wherein $x_t$ is the error count of the user's current password verification, $y_t$ is the password verification time of the user's current password verification, $z_t$ is the password input character error count of the user's current password verification, $a_1$ is the proportion coefficient of the password verification error count, $a_2$ is the proportion coefficient of the password verification time, and $a_3$ is the proportion coefficient of the password input character error count, wherein $a_1 + a_2 + a_3 = 1$ and $a_1 \ge a_2 \ge a_3$;
S3, after password verification has passed, judging whether the password verification value is greater than or equal to the password verification threshold; if so, executing S4; if not, the user login is not set as a login to be detected, and the user freely accesses the content within the access rights;
S4, setting the user login as a login to be detected, and monitoring the browsing path information of that login;
It should be noted that setting the user login as a login to be detected and monitoring its browsing path information in S4 comprises the following steps:
S41, setting a user login whose password verification value is greater than or equal to the password verification threshold as a login to be detected, and extracting the browsing path information of the login to be detected, wherein the browsing path information comprises the path content corresponding to each browsing path and the number of times the browsing path is browsed, and the path content corresponding to a browsing path is the route by which one interface accesses one of its subordinate interfaces. For example: the control interface contains a temperature control system and a humidity control system, and the subordinate interfaces of the temperature control system include the temperature control modules of several air conditioners, so the route from the temperature control system to the temperature control module of one of the air conditioners is one browsing path;
S42, storing the counts of the user's historical browsing paths and the path content corresponding to those browsing paths, extracting the number of accesses outside the access rights in the user's history, and at the same time monitoring the number of accesses outside the access rights for the login to be detected;
S43, calculating the average value of the number of accesses outside the access rights in the user's history, wherein the calculation formula is as follows: wherein $s_i$ is the number of accesses outside the access rights in the user's i-th normal login;
s5, extracting the real-time browsing path information of the login to be detected and the historical browsing path information of the user corresponding to the login to import the path verification value into a path verification value calculation strategy to calculate a path verification value;
it should be noted that, the path verification value calculation strategy in S5 includes the following specific steps:
s51, extracting the path content $(p_1, p_2, \ldots, p_{n1})$ corresponding to the user's historical browsing paths, the browsing path information $(P_1, P_2, \ldots, P_{n2})$ of the login to be detected, the average value of the number of times outside the user's historical access rights, and the number of times outside the access rights of the login to be detected, wherein $p_j$ is the j-th historical browsing path, j is any one of 1 to n1, n1 is the number of historical browsing paths, $P_m$ is the m-th browsing path of the login to be detected, m is any one of 1 to n2, and n2 is the number of browsing paths of the login to be detected;
s52, substituting the path content $(p_1, p_2, \ldots, p_{n1})$ corresponding to the user's historical browsing paths and the browsing path information $(P_1, P_2, \ldots, P_{n2})$ of the login to be detected into a first verification value calculation formula to calculate a first verification value, wherein the first verification value calculation formula is as follows: wherein ∪ is the union of the two sets, ∩ is the intersection of the two sets, and Q() is the number of elements in the brackets;
s53, substituting the extracted average value of the number of times outside the user's historical access rights and the number of times outside the access rights of the login to be detected into a second verification value calculation formula to calculate a second verification value, wherein the calculation formula of the second verification value is as follows: wherein $S_1$ is the number of times outside the access rights of the login to be detected, and $S$ is the average value of the number of times outside the user's historical access rights;
s54, substituting the calculated first verification value and second verification value into a path verification value calculation formula to calculate a path verification value, wherein the path verification value calculation formula is as follows: wherein $\beta_1$ is the first path value duty ratio coefficient, $\beta_2$ is the second path value duty ratio coefficient, and $\beta_1 + \beta_2 = 1$;
Here, the password verification threshold, the login difference alarm value, $a_1$, $a_2$, $a_3$, $\beta_1$ and $\beta_2$ are determined as follows: the user password verification information, user access rights and user browsing path information of 5000 groups of hacker intrusions are collected and derived, the user password verification information, user access rights and user browsing path data of the user are extracted at the same time, and both are substituted into the calculation formulas for continuous training until optimal values meeting the set accuracy are obtained;
s6, substituting the path verification value and the password verification value into a login difference calculation strategy to calculate a login difference value;
it should be noted that, the login difference value calculation policy in S6 includes the following specific contents:
extracting the path verification value and the password verification value obtained by calculation, substituting the path verification value and the password verification value into a login difference value calculation formula to calculate the login difference value, wherein the login difference value calculation formula is the added value of the path verification value and the password verification value;
s7, judging whether the login difference value is greater than or equal to a set login difference alarm value; if so, carrying out an abnormal login alarm, and if not, not carrying out an abnormal login alarm; it should be noted that the abnormal login alarm here preferably sends an alarm or a short message to the administrator.
It should be noted that the present invention collects and derives the user password verification information, user access rights and user browsing path information stored in the device hard disk, and substitutes the password verification information into the password verification value calculation strategy to calculate the password verification value. After the password verification is passed, it judges whether the password verification value is greater than or equal to the password verification threshold; if so, it sets the user login as the login to be detected and monitors the browsing path information of the login to be detected. It then extracts the real-time browsing path information of the login to be detected and the historical browsing path information of the user corresponding to the login, imports them into the path verification value calculation strategy to calculate the path verification value, and substitutes the path verification value and the password verification value into the login difference calculation strategy to calculate the login difference value. This improves the ability to keep non-staff from controlling the device, improves the efficiency of monitoring covert operation of the device by hackers, and thereby improves the security of device operation and the protection of important information.
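The S2 to S7 scoring pipeline as an added Python example, not code from the patent. The patent's formula images are not reproduced on this page, so the functional forms below (a relative-excess deviation measure and a Jaccard distance for the first verification value), the coefficients, the thresholds and the sample records are all assumptions, chosen only to respect the stated constraints $a_1 + a_2 + a_3 = 1$, $a_1 \ge a_2 \ge a_3$ and $\beta_1 + \beta_2 = 1$.

```python
from dataclasses import dataclass
from statistics import mean


def relative_excess(current, baseline):
    """Assumed deviation measure: 0 at or below the baseline, tending to 1 far above it."""
    if current <= baseline:
        return 0.0
    return (current - baseline) / (current + baseline)


def check_weights(weights, ordered=False):
    """Enforce the constraints the text states for the duty ratio coefficients."""
    if abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("coefficients must sum to 1")
    if ordered and any(a < b for a, b in zip(weights, weights[1:])):
        raise ValueError("coefficients must satisfy a_1 >= a_2 >= a_3")


@dataclass
class Baseline:          # per-user history since the last password change (S1); lists must be non-empty
    errors: list         # x_i: failed verifications per login
    seconds: list        # y_i: time spent verifying per login
    char_errors: list    # z_i: wrong characters in a single input
    out_of_scope: list   # s_i: accesses outside the user's rights per normal login
    paths: list          # p_j: historical browsing paths


@dataclass
class Login:             # the login being scored
    errors: int          # x_t
    seconds: float       # y_t
    char_errors: int     # z_t
    out_of_scope: int = 0   # S_1
    paths: tuple = ()       # P_m


def password_value(login, base, a):
    """S2: weighted deviation of this login's password behaviour from the user's averages."""
    check_weights(a, ordered=True)
    return (a[0] * relative_excess(login.errors, mean(base.errors))
            + a[1] * relative_excess(login.seconds, mean(base.seconds))
            + a[2] * relative_excess(login.char_errors, mean(base.char_errors)))


def normalise(paths):
    """DOS paths are case-insensitive, so compare them upper-cased."""
    return {p.strip().upper() for p in paths}


def path_value(login, base, beta):
    """S5: beta_1 * first verification value + beta_2 * second verification value."""
    check_weights(beta)
    hist, seen = normalise(base.paths), normalise(login.paths)
    union = hist | seen
    # Assumed first verification value: Jaccard distance 1 - Q(A ∩ B) / Q(A ∪ B).
    first = 1.0 - len(hist & seen) / len(union) if union else 0.0
    # Assumed second verification value: relative excess of S_1 over the mean S.
    second = relative_excess(login.out_of_scope, mean(base.out_of_scope))
    return beta[0] * first + beta[1] * second


def evaluate(login, base, a, beta, password_threshold, alarm_value):
    """S3 to S7 for a login whose password check has already passed."""
    pw = password_value(login, base, a)
    if pw < password_threshold:      # S3: not a login to be detected, no path monitoring
        return {"monitored": False, "password_value": pw,
                "login_difference": None, "alarm": False}
    diff = path_value(login, base, beta) + pw   # S6: sum of the two values
    return {"monitored": True, "password_value": pw,
            "login_difference": diff, "alarm": diff >= alarm_value}   # S7


# Constructed sample data (not from the patent).
A, BETA = (0.5, 0.3, 0.2), (0.6, 0.4)
PASSWORD_THRESHOLD, ALARM_VALUE = 0.3, 1.0
BASELINE = Baseline(errors=[1, 1, 1], seconds=[10, 10, 10], char_errors=[4, 4, 4],
                    out_of_scope=[1, 2, 3],
                    paths=[r"C:\DATA\REPORTS", r"C:\DATA\LOGS", r"C:\APPS\PLC"])
ROUTINE = Login(errors=1, seconds=9, char_errors=2, out_of_scope=1,
                paths=(r"C:\DATA\LOGS",))
HESITANT = Login(errors=3, seconds=30, char_errors=4, out_of_scope=2,
                 paths=(r"c:\data\reports", r"C:\DATA\LOGS", r"C:\APPS\PLC"))
SUSPICIOUS = Login(errors=3, seconds=30, char_errors=4, out_of_scope=6,
                   paths=(r"c:\data\logs", r"C:\SYSTEM\CONFIG", r"C:\SYSTEM\USERS"))

if __name__ == "__main__":
    for name, login in (("routine", ROUTINE), ("hesitant", HESITANT),
                        ("suspicious", SUSPICIOUS)):
        print(name, evaluate(login, BASELINE, A, BETA, PASSWORD_THRESHOLD, ALARM_VALUE))
```

With these constructed inputs, the login that struggles at the password prompt but then behaves like its own history is monitored without an alarm, while the same password behaviour followed by unfamiliar paths and out-of-scope accesses crosses the alarm value.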
Example 2
As shown in fig. 3, a DOS-based device operation protection system is implemented based on the above-mentioned DOS-based device operation protection method, and specifically includes: a control module, an information extraction module, a password verification value calculation module, a password verification value judgment module, a setting module, a path verification value calculation module, a login difference value calculation module, a login judgment module and an abnormal login alarm module. The control module is used for controlling the operation of the information extraction module, the password verification value calculation module, the password verification value judgment module, the setting module, the path verification value calculation module, the login difference value calculation module, the login judgment module and the abnormal login alarm module. The information extraction module is used for respectively collecting and deriving the user password verification information, user access rights and user browsing path information stored in the hard disk of the device. The password verification value calculation module is used for substituting the password verification information into the password verification value calculation strategy to calculate the password verification value. The password verification value judgment module is used for judging, after the password verification is passed, whether the password verification value is greater than or equal to the password verification threshold. The setting module is used for setting a user login whose password verification value is greater than or equal to the password verification threshold as the login to be detected. The path verification value calculation module is used for extracting the real-time browsing path information of the login to be detected and the historical browsing path information of the user corresponding to the login and importing them into the path verification value calculation strategy to calculate the path verification value. The login difference value calculation module is used for substituting the path verification value and the password verification value into the login difference calculation strategy to calculate the login difference value. The login judgment module is used for judging whether the login difference value is greater than or equal to the set login difference alarm value, and the abnormal login alarm module is used for carrying out the abnormal login alarm;
as shown in fig. 4, in the present embodiment, the path verification value calculation module includes a first data extraction unit, a first verification value calculation unit, a second verification value calculation unit and a path verification value calculation formula unit. The first data extraction unit is used for extracting the path content corresponding to the user's historical browsing paths, the browsing path information of the login to be detected, the average value of the number of times outside the user's historical access rights, and the number of times outside the access rights of the login to be detected. The first verification value calculation unit is used for substituting the extracted path content corresponding to the user's historical browsing paths and the browsing path information of the login to be detected into the first verification value calculation formula to calculate the first verification value. The second verification value calculation unit is used for substituting the extracted average value of the number of times outside the user's historical access rights and the number of times outside the access rights of the login to be detected into the second verification value calculation formula to calculate the second verification value. The path verification value calculation formula unit is used for substituting the calculated first verification value and second verification value into the path verification value calculation formula to calculate the path verification value.
Example 3
The present embodiment provides an electronic device including: a processor and a memory, wherein the memory stores a computer program for the processor to call;
the processor executes a DOS-based device operation protection method as described above by invoking a computer program stored in the memory.
The electronic device may vary greatly in configuration or performance, and can include one or more processors (Central Processing Units, CPU) and one or more memories, where the memories store at least one computer program that is loaded and executed by the processors to implement a DOS-based device operation protection method provided by the above method embodiments. The electronic device can also include other components for implementing the functions of the device, for example, the electronic device can also have wired or wireless network interfaces, input-output interfaces, and the like, for inputting and outputting data. The present embodiment is not described herein.
Example 4
The present embodiment proposes a computer-readable storage medium having stored thereon an erasable computer program;
the computer program, when run on a computer device, causes the computer device to perform a DOS-based device operation protection method as described above.
For example, the computer readable storage medium can be Read-Only Memory (ROM), random access Memory (Random Access Memory, RAM), compact disk Read-Only Memory (Compact Disc Read-Only Memory, CD-ROM), magnetic tape, floppy disk, optical data storage device, etc.
It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
It should be understood that determining B from A does not mean determining B from A alone; B can also be determined from A and/or other information.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any other combination. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. When the computer instructions or computer program are loaded or executed on a computer, the processes or functions in accordance with embodiments of the present invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another by way of wired and/or wireless networks. Computer-readable storage media can be any available media that can be accessed by a computer, or data storage devices, such as servers or data centers, that contain one or more collections of available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present invention, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely one, and there may be additional divisions in actual implementation, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
In the description of the present specification, the descriptions of the terms "one embodiment," "example," "specific example," and the like, mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The preferred embodiments of the invention disclosed above are intended only to assist in the explanation of the invention. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise form disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best understand and utilize the invention. The invention is limited only by the claims and the full scope and equivalents thereof.

Claims (12)

1. The DOS-based equipment operation protection method is characterized by comprising the following specific steps of:
s1, respectively acquiring and deriving user password verification information, user access rights and user browsing path information stored in a device hard disk;
s2, substituting the password verification information into a password verification value calculation strategy to calculate a password verification value;
s3, after the password verification is passed, judging whether the password verification value is greater than or equal to a password verification threshold value, and if so, executing S4; if not, the user login is not set as the login to be detected, and the user freely accesses the content within the access rights;
s4, setting the user login as a login to be detected, and monitoring browsing path information of the user login;
s5, extracting the real-time browsing path information of the login to be detected and the historical browsing path information of the user corresponding to the login, and importing them into a path verification value calculation strategy to calculate a path verification value;
s6, substituting the path verification value and the password verification value into a login difference calculation strategy to calculate a login difference value;
s7, judging whether the login difference value is greater than or equal to a set login difference alarm value; if so, carrying out an abnormal login alarm, and if not, not carrying out an abnormal login alarm.
2. A DOS-based device operation protection method as claimed in claim 1, characterized in that the specific content of S1 comprises the steps of:
s11, retrieving the user password verification error count data $(x_1, x_2, \ldots, x_n)$ recorded since the last password modification and stored in the hard disk of the equipment, the user password verification time data $(y_1, y_2, \ldots, y_n)$, and the user single-verification password input character error count data $(z_1, z_2, \ldots, z_n)$, wherein $x_i$ is the number of user password verification errors in the i-th login, $y_i$ is the user password verification time in the i-th login, $z_i$ is the number of character errors in a single password input in the i-th login, i is any one of 1 to n, and n is the number of user logins since the last password modification; and at the same time retrieving the user access rights and user browsing path information stored in the hard disk of the equipment;
s12, calculating the average value of the number of user password verification errors, the average value of the user password verification time, and the average value of the number of character errors in a single password input.
3. A DOS-based device operation protection method as claimed in claim 2, characterized in that the specific steps of the password authentication value calculation policy of S2 are as follows:
s21, extracting the average value of the number of user password verification errors, the average value of the user password verification time and the average value of the number of character errors in a single password input, and at the same time obtaining the number of errors, the verification time and the number of input character errors of this password verification of the user;
s22, importing the data extracted in S21 into a password verification value calculation formula to calculate a password verification value, wherein the password verification value calculation formula is as follows: wherein $x_t$ is the number of errors of this password verification of the user, $y_t$ is the verification time of this password verification, $z_t$ is the number of input character errors of this password verification, $a_1$ is the duty ratio coefficient of the number of password verification errors, $a_2$ is the duty ratio coefficient of the password verification time, and $a_3$ is the duty ratio coefficient of the number of password input character errors, wherein $a_1 + a_2 + a_3 = 1$ and $a_1 \ge a_2 \ge a_3$.
4. A DOS-based device operation protection method as claimed in claim 3, wherein the specific step of setting the user login to be a login to be detected in S4, and monitoring the browsing path information of the user login includes the following steps:
s41, setting a user login with a password verification value greater than or equal to a password verification threshold as a login to be detected, extracting browsing path information of the login to be detected, wherein the browsing path information comprises path content corresponding to a browsing path and the times of the browsing path;
s42, storing the times of historical browsing paths of the user and path contents corresponding to the browsing paths, extracting the times outside the historical access rights of the user, and monitoring the times outside the login access rights to be detected at the same time;
s43, calculating an average value of the number of times outside the user's historical access rights, wherein the calculation formula is as follows: wherein $s_i$ is the number of times outside the historical access rights for the i-th normal login of the user.
5. A DOS-based device operation protection method as claimed in claim 4, wherein the path verification value calculation policy in S5 comprises the following specific steps:
s51, extracting the path content $(p_1, p_2, \ldots, p_{n1})$ corresponding to the user's historical browsing paths, the browsing path information $(P_1, P_2, \ldots, P_{n2})$ of the login to be detected, the average value of the number of times outside the user's historical access rights, and the number of times outside the access rights of the login to be detected, wherein $p_j$ is the j-th historical browsing path, j is any one of 1 to n1, n1 is the number of historical browsing paths, $P_m$ is the m-th browsing path of the login to be detected, m is any one of 1 to n2, and n2 is the number of browsing paths of the login to be detected;
s52, substituting the path content $(p_1, p_2, \ldots, p_{n1})$ corresponding to the user's historical browsing paths and the browsing path information $(P_1, P_2, \ldots, P_{n2})$ of the login to be detected into a first verification value calculation formula to calculate a first verification value, wherein the first verification value calculation formula is as follows: wherein ∪ is the union of the two sets, ∩ is the intersection of the two sets, and Q() is the number of elements in the brackets.
6. A DOS-based device operation protection method as claimed in claim 5, wherein the path verification value calculation policy in S5 further comprises the following specific steps:
s53, substituting the extracted average value of the number of times outside the user's historical access rights and the number of times outside the access rights of the login to be detected into a second verification value calculation formula to calculate a second verification value, wherein the calculation formula of the second verification value is as follows: wherein $S_1$ is the number of times outside the access rights of the login to be detected, and $S$ is the average value of the number of times outside the user's historical access rights;
s54, substituting the calculated first verification value and second verification value into a path verification value calculation formula to calculate a path verification value, wherein the path verification value calculation formula is as follows: wherein $\beta_1$ is the first path value duty ratio coefficient, $\beta_2$ is the second path value duty ratio coefficient, and $\beta_1 + \beta_2 = 1$.
7. The DOS-based device operation protection method as claimed in claim 6, wherein the login difference value calculation policy in S6 includes the following specific contents:
and substituting the path verification value and the password verification value obtained through extraction and calculation into a login difference value calculation formula to calculate the login difference value, wherein the login difference value calculation formula is the added value of the path verification value and the password verification value.
8. DOS-based equipment operation protection system implemented on the basis of a DOS-based equipment operation protection method according to any one of claims 1-7, characterized in that it comprises in particular: the system comprises a control module, an information extraction module, a password verification value calculation module, a password verification value judgment module, a setting module, a path verification value calculation module, a login difference value calculation module, a login judgment module and an abnormal login alarm module, wherein the control module is used for controlling the operation of the information extraction module, the password verification value calculation module, the password verification value judgment module, the setting module, the path verification value calculation module, the login difference value calculation module, the login judgment module and the abnormal login alarm module, the information extraction module is used for respectively collecting and deriving user password verification information, user access permission and user browsing path information stored in a hard disk of the device, the password verification value calculation module is used for substituting the password verification information into a password verification value calculation strategy to calculate the password verification value, and the password verification value judgment module is used for judging whether the password verification value is larger than or equal to a password verification threshold after the password verification is passed, and the setting module is used for setting the user login of which is larger than or equal to the password verification threshold as login to be detected.
9. The DOS-based equipment operation protection system as claimed in claim 8, wherein the path verification value calculation module is configured to extract the real-time browsing path information of the login to be detected and the historical browsing path information of the user corresponding to the login, import the path verification value into the path verification value calculation policy, calculate the path verification value, and substitute the path verification value and the password verification value into the login difference calculation policy to perform calculation of the login difference value, and the login judgment module is configured to judge whether the login difference value is greater than or equal to a set login difference alarm value, and the abnormal login alarm module is configured to perform abnormal login alarm.
10. The DOS-based device running protection system according to claim 9, wherein the path verification value calculation module includes a first data extraction unit for extracting path contents corresponding to the user history browsing path, browsing path information to be detected login, an average value of times other than the user history access authority, and times other than the access authority to be detected login, a second verification value calculation unit for substituting the extracted path contents corresponding to the user history browsing path, browsing path information to be detected login into a first verification value calculation formula for calculating a first verification value, and substituting the extracted average value of times other than the user history access authority and times other than the access authority to be detected login into a second verification value calculation formula for calculating a second verification value, the path verification value calculation formula unit for substituting the calculated first verification value and second verification value into the path verification value calculation formula for calculating a path verification value.
11. An electronic device, comprising: a processor and a memory, wherein the memory stores a computer program for the processor to call;
the processor performs a DOS-based device operation protection method as claimed in any one of claims 1-7 by invoking a computer program stored in the memory.
12. A computer-readable storage medium, characterized by: instructions stored thereon which, when executed on a computer, cause the computer to perform a DOS-based device operation protection method as claimed in any one of claims 1 to 7.
CN202311319748.3A 2023-10-12 2023-10-12 DOS-based equipment operation protection method, system, equipment and storage medium Active CN117272325B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311319748.3A CN117272325B (en) 2023-10-12 2023-10-12 DOS-based equipment operation protection method, system, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN117272325A true CN117272325A (en) 2023-12-22
CN117272325B CN117272325B (en) 2024-03-26

Family

ID=89206061

Country Status (1)

Country Link
CN (1) CN117272325B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant